Confluence - Cloud
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Confluence
Overview
Connect SailPoint Entro to Confluence Cloud with a scoped API token to enable least-privilege, read-only scanning of pages, comments, and attachments, plus space and user context. All access strictly follows the scopes you grant and your existing Confluence permissions.
Installation & Configuration
-
Get Company's Confluence Domain
-
Login to your company's Atlassian Confluence.
-
Get the domain with the format:
https://<yourCompany>.atlassian.net -
Copy the domain and save for later.
-
-
Get Your Confluence Cloud ID
-
While logged in to Confluence, go to this URL:
https://<yourCompany>.atlassian.net/_edge/tenant_info -
The JSON presented includes the Cloud ID.
-
Copy the Cloud ID and save for later.
-
-
Get Your Atlassian User Email Address
-
While logged in to Confluence, go to this URL: [
https://id.atlassian.com/manage-profile/profile-and-visibility](https://id.atlassian.com/manage-profile/profile-and-visibility) -
Under the Contact section, see the user email address.
-
Copy the email address and save for later.
Optional: Create Dedicated SailPoint Entro Integration User
Create a SailPoint Entro user with its own email account, it can be used for all future Atlassian integrations as well if necessary.
-
Go to Atlassian Admin Portal - Admin user is required.
-
Click on "Directory" tab.
-
Click on "Invite user" and follow the prompts.
-
Use the created user email address in the Atlassian username on the SailPoint Entro onboarding form.
-
-
Create Confluence Scoped API Token
-
Go to Atlassian API Token page and click on Create API token with scopes.
-
Give the token a name (for example:
Entro Security Confluence Integration). -
Set expiration date for the token (maximum time is 365 days).
-
Click on Next.
-
Choose Confluence and click on Next.
-
Select the scopes you wish to grant the token. The below scopes are what SailPoint Entro requires in order to scan and give the best context on an exposure detected.
read:confluence-content.all read:confluence-content.permission read:confluence-content.summary read:confluence-groups read:confluence-props read:confluence-space.summary read:confluence-user read:account readonly:content.attachment:confluence search:confluenceOr just copy the below in the searchbox for easy selection:
read:confluence-content.all,read:confluence-content.permission,read:confluence-content.summary,read:confluence-groups,read:confluence-props,read:confluence-space.summary,read:confluence-user,read:account,readonly:content.attachment:confluence,search:confluence-
Click on Next.
-
Review the details and scopes, once you confirm click on Create token.
-
Copy the token and save for later.
-
-
Connect Atlassian Confluence to SailPoint Entro
In the SailPoint Entro Console, navigate to: Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Confluence
Complete the onboarding form as follows:
Field Description Environment Enter the relevant environment type (e.g., Production / Staging) Atlassian URL Paste the URL with the company domain from Step 1 Confluence Cloud ID Paste the Confluence cloud ID from Step 2 Atlassian Username Paste the user email address from Step 3 Atlassian API Token Paste the API token from Step 4 Worker Group (Connector) Select the SailPoint Entro Connector handling Atlassian scans Then click Create Account.
SailPoint Entro will validate your credentials and start the initial scanning.
Security & Compliance
-
All SailPoint Entro actions are read-only; no changes are made to your pages, comments or attachments.
-
Tokens are encrypted in memory and transmitted only via TLS 1.2+.
-
Access scopes are restricted to pages, comments and attachments metadata and its history.
-
SailPoint Entro is certified for SOC 2 Type II, ISO 27001, and GDPR compliance.